In 2023, the SEC adopted rules requiring registrants to disclose “material cybersecurity incidents” and to disclose “material information regarding their cybersecurity risk management, strategy, and governance.” This session will answer questions for infosec professionals, legal teams, CISOs, and the board dealing with the concept of materiality and these disclosures.
This session will explain the concept of “materiality” by examining cases on materiality, the reporting requirements of the new rule, and actual SEC filings. Then, we will look at some examples (based on real-life companies) to ask (1) what information is material, (2) what should be disclosed, and (3) when?

Learning Objectives:

• At the end of this session participants will have a greater understanding of “materiality”
• Understand some of the questions infosec professionals should be asking after an incident is discovered
• Be able to evaluate their organization’s preparation to face the legal issues presented